package com.aaa.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;

// jsr250Enabled 安全注解
@RestController
@RequestMapping("j")
public class Jsr250Controller {

    // 默认都可以访问
    @RequestMapping("/m1")
    public String m1(){
        return "m1";
    }

    // 所有用户可访问
    @PermitAll
    @RequestMapping("/m2")
    public String m2(){
        return "m2";
    }

    // 所有用户拒绝访问
    @DenyAll
    @RequestMapping("/m3")
    public String m3(){
        return "m3";
    }

    @RolesAllowed("ROLE_ADMIN")
    @RequestMapping("/m4")
    public String m4(){
        return "m4";
    }

    @RolesAllowed({"ROLE_ADMIN","ROLE_TEST"})
    @RequestMapping("/m5")
    public String m5(){
        return "m5";
    }

    // 角色可以省略ROLE_
    @RolesAllowed({"ADMIN"})
    @RequestMapping("/m6")
    public String m6(){
        return "m6";
    }

    // 不能判断权限
    @RolesAllowed({"select"})
    @RequestMapping("/m7")
    public String m7(){
        return "m7";
    }
}
